5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channels using a dedicated gateway platform.A cross-site scripting vulnerability exists in IBM DataPower Gateway, which stems from the program’s lack of data validation filtering of user-provided data and output. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI to alter the intended functionality, which could lead to credential disclosure in a trusted session.